Git-Mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-03-13 01:16:41 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge b89117e99e0ef4c4a29492fdc0420aa0216e2369 into adcdb8cb92bbf61bac46102eff026593d0bc87b0

Browse Source
This commit is contained in:
lekma 2025-03-02 15:41:15 +01:00 committed by GitHub
commit 5ea9cd4370
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/invidious/routes/api/v1/authenticated.cr
View File

@ -398,7 +398,8 @@ module Invidious::Routes::API::V1::Authenticated
user = env.get("user").as(User)
locale = env.get("preferences").as(Preferences).locale
case env.request.headers["Content-Type"]?
content_type = env.request.headers["Content-Type"]?
case content_type
when "application/x-www-form-urlencoded"
scopes = env.params.body.select { |k, _| k.match(/^scopes\[\d+\]$/) }.map { |_, v| v }
callback_url = env.params.body["callbackUrl"]?
@ -419,11 +420,16 @@ module Invidious::Routes::API::V1::Authenticated
callback_url = URI.parse(callback_url)
end
if sid = env.get?("sid").try &.as(String)
env.response.content_type = "text/html"
if content_type != "application/json"
if sid = env.get?("sid").try &.as(String)
env.response.content_type = "text/html"
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
return templated "user/authorize_token"
csrf_token = generate_response(sid, {":authorize_token"}, HMAC_KEY, use_nonce: true)
return templated "user/authorize_token"
else
# is it enough?
env.response.status_code = 403
end
else
env.response.content_type = "application/json"